33 files changed, 1703 insertions, 720 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
deleted file mode 100644
index c99adee8a9..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001
-From: Jeremy Puhlman <jpuhlman@mvista.com>
-Date: Thu, 19 Mar 2020 11:54:26 -0700
-Subject: [PATCH] Add enable/disable libudev
-Upstream-Status: Pending
-Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
-[update patch context]
-Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
- configure | 4 ++++
- 1 file changed, 4 insertions(+)
-Index: qemu-5.2.0/configure
-===================================================================
--- qemu-5.2.0.orig/configure
-+++ qemu-5.2.0/configure
-@@ -1525,6 +1525,10 @@ for opt do
-   ;;
-   --disable-libdaxctl) libdaxctl=no
-   ;;
-+  --enable-libudev) libudev="yes"
-+  ;;
-+  --disable-libudev) libudev="no"
-+  ;;
-   *)
-       echo "ERROR: unknown option $opt"
-       echo "Try '$0 --help' for more information"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
new file mode 100644
index 0000000000..2eaebe883c
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
@@ -0,0 +1,56 @@
+From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Wed, 28 Feb 2024 10:25:14 -1000
+Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in
+ open_self_maps_{2,4}
+This is the only case in which we expect to have no host memory backing
+for a guest memory page, because in general linux user processes cannot
+map any pages in the top half of the 64-bit address space.
+Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2170
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ linux-user/syscall.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index a114f29a8..8307a8a61 100644
+--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
+@@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d,
+         path = "[heap]";
+     } else if (start == info->vdso) {
+         path = "[vdso]";
+#ifdef TARGET_X86_64
+    } else if (start == TARGET_VSYSCALL_PAGE) {
+        path = "[vsyscall]";
+#endif
+     }
+ 
+     /* Except null device (MAP_ANON), adjust offset for this fragment. */
+@@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start,
+     uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start);
+     uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1);
+ 
+#ifdef TARGET_X86_64
+    /*
+     * Because of the extremely high position of the page within the guest
+     * virtual address space, this is not backed by host memory at all.
+     * Therefore the loop below would fail.  This is the only instance
+     * of not having host backing memory.
+     */
+    if (guest_start == TARGET_VSYSCALL_PAGE) {
+        return open_self_maps_3(opaque, guest_start, guest_end, flags);
+    }
+#endif
+
+     while (1) {
+         IntervalTreeNode *n =
+             interval_tree_iter_first(d->host_maps, host_start, host_start);
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index fd54f96b03..c65508017d 100644
--- a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,7 +1,7 @@
-From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001
+From de64af82950a6908f9407dfc92b83c17e2af3eab Mon Sep 17 00:00:00 2001
 From: Jason Wessel <jason.wessel@windriver.com>
 Date: Fri, 28 Mar 2014 17:42:43 +0800
-Subject: [PATCH] qemu: Add addition environment space to boot loader
+Subject: [PATCH 01/12] qemu: Add addition environment space to boot loader
 qemu-system-mips
 Upstream-Status: Inappropriate - OE uses deep paths
@@ -18,13 +18,13 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
 hw/mips/malta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-Index: qemu-5.2.0/hw/mips/malta.c
+Index: qemu-8.0.0/hw/mips/malta.c
 ===================================================================
--- qemu-5.2.0.orig/hw/mips/malta.c
+--- qemu-8.0.0.orig/hw/mips/malta.c
-+++ qemu-5.2.0/hw/mips/malta.c
+++ qemu-8.0.0/hw/mips/malta.c
-@@ -62,7 +62,7 @@
+@@ -64,7 +64,7 @@
- 
+ #define ENVP_PADDR          0x2000
- #define ENVP_ADDR           0x80002000l
+ #define ENVP_VADDR          cpu_mips_phys_to_kseg0(NULL, ENVP_PADDR)
 #define ENVP_NB_ENTRIES     16
 -#define ENVP_ENTRY_SIZE     256
 +#define ENVP_ENTRY_SIZE     1024
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
deleted file mode 100644
index 8ce12bdb43..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From 883feb43129dc39b491e492c7ccfe89aefe53c44 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Thu, 27 Nov 2014 14:04:29 +0000
-Subject: [PATCH] qemu: Add missing wacom HID descriptor
-The USB wacom device is missing a HID descriptor which causes it
-to fail to operate with recent kernels (e.g. 3.17).
-This patch adds a HID desriptor to the device, based upon one from
-real wcom device.
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted
-2014/11/27
-[update patch context]
-Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
- hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 93 insertions(+), 1 deletion(-)
-Index: qemu-5.2.0/hw/usb/dev-wacom.c
-===================================================================
--- qemu-5.2.0.orig/hw/usb/dev-wacom.c
-+++ qemu-5.2.0/hw/usb/dev-wacom.c
-@@ -69,6 +69,89 @@ static const USBDescStrings desc_strings
-     [STR_SERIALNUMBER]     = "1",
- };
- 
-+static const uint8_t qemu_tablet_hid_report_descriptor[] = {
-+    0x05, 0x01,                /* Usage Page (Generic Desktop) */
-+    0x09, 0x02,                /* Usage (Mouse) */
-+    0xa1, 0x01,                /* Collection (Application) */
-+    0x85, 0x01,                /*   Report ID (1) */ 
-+    0x09, 0x01,                /*   Usage (Pointer) */
-+    0xa1, 0x00,                /*   Collection (Physical) */
-+    0x05, 0x09,                /*     Usage Page (Button) */
-+    0x19, 0x01,                /*     Usage Minimum (1) */
-+    0x29, 0x05,                /*     Usage Maximum (5) */
-+    0x15, 0x00,                /*     Logical Minimum (0) */
-+    0x25, 0x01,                /*     Logical Maximum (1) */
-+    0x95, 0x05,                /*     Report Count (5) */
-+    0x75, 0x01,                /*     Report Size (1) */
-+    0x81, 0x02,                /*     Input (Data, Variable, Absolute) */
-+    0x95, 0x01,                /*     Report Count (1) */
-+    0x75, 0x03,                /*     Report Size (3) */
-+    0x81, 0x01,                /*     Input (Constant) */
-+    0x05, 0x01,                /*     Usage Page (Generic Desktop) */
-+    0x09, 0x30,                /*     Usage (X) */
-+    0x09, 0x31,                /*     Usage (Y) */
-+    0x15, 0x81,                /*     Logical Minimum (-127) */
-+    0x25, 0x7f,                /*     Logical Maximum (127) */
-+    0x75, 0x08,                /*     Report Size (8) */
-+    0x95, 0x02,                /*     Report Count (2) */
-+    0x81, 0x06,                /*     Input (Data, Variable, Relative) */
-+    0xc0,              /*   End Collection */
-+    0xc0,              /* End Collection */
-+    0x05, 0x0d,                /* Usage Page (Digitizer) */
-+    0x09, 0x01,                /* Usage (Digitizer) */
-+    0xa1, 0x01,                /* Collection (Application) */
-+    0x85, 0x02,                /*   Report ID (2) */ 
-+    0xa1, 0x00,                /*   Collection (Physical) */
-+    0x06, 0x00, 0xff,   /*   Usage Page (Vendor 0xff00) */
-+    0x09, 0x01,        /*   Usage (Digitizer) */
-+    0x15, 0x00,        /*     Logical Minimum (0) */
-+    0x26, 0xff, 0x00,  /*     Logical Maximum (255) */
-+    0x75, 0x08,                /*     Report Size (8) */
-+    0x95, 0x08,                /*     Report Count (8) */
-+    0x81, 0x02,                /*     Input (Data, Variable, Absolute) */
-+    0xc0,              /*   End Collection */
-+    0x09, 0x01,                /*   Usage (Digitizer) */
-+    0x85, 0x02,        /*   Report ID (2) */ 
-+    0x95, 0x01,                /*   Report Count (1) */
-+    0xb1, 0x02,                /*   FEATURE (2) */
-+    0xc0,              /* End Collection */
-+    0x06, 0x00, 0xff,  /* Usage Page (Vendor 0xff00) */
-+    0x09, 0x01,                /* Usage (Digitizer) */
-+    0xa1, 0x01,                /* Collection (Application) */
-+    0x85, 0x02,        /*   Report ID (2) */ 
-+    0x05, 0x0d,                /*   Usage Page (Digitizer)  */
-+    0x09, 0x22,        /*   Usage (Finger) */
-+    0xa1, 0x00,        /*   Collection (Physical) */
-+    0x06, 0x00, 0xff,  /*   Usage Page (Vendor 0xff00) */
-+    0x09, 0x01,                /*     Usage (Digitizer) */
-+    0x15, 0x00,        /*     Logical Minimum (0) */
-+    0x26, 0xff, 0x00,          /*     Logical Maximum */
-+    0x75, 0x08,                /*     Report Size (8) */
-+    0x95, 0x02,                /*     Report Count (2) */
-+    0x81, 0x02,        /*     Input (Data, Variable, Absolute) */
-+    0x05, 0x01,                /*     Usage Page (Generic Desktop) */
-+    0x09, 0x30,                /*     Usage (X) */
-+    0x35, 0x00,        /*     Physical Minimum */
-+    0x46, 0xe0, 0x2e,  /*     Physical Maximum */
-+    0x26, 0xe0, 0x01,   /*     Logical Maximum */
-+    0x75, 0x10,                /*     Report Size (16) */
-+    0x95, 0x01,                /*     Report Count (1) */
-+    0x81, 0x02,                /*     Input (Data, Variable, Absolute) */
-+    0x09, 0x31,                /*     Usage (Y) */
-+    0x46, 0x40, 0x1f,  /*     Physical Maximum */
-+    0x26, 0x40, 0x01,  /*     Logical Maximum */
-+    0x81, 0x02,        /*     Input (Data, Variable, Absolute) */
-+    0x06, 0x00, 0xff,  /*     Usage Page (Vendor 0xff00) */
-+    0x09, 0x01,        /*     Usage (Digitizer) */
-+    0x26, 0xff, 0x00,          /*     Logical Maximum */
-+    0x75, 0x08,                /*     Report Size (8) */
-+    0x95, 0x0d,                /*     Report Count (13) */
-+    0x81, 0x02,                /*     Input (Data, Variable, Absolute) */
-+    0xc0,              /*   End Collection */ 
-+    0xc0,              /* End Collection */
-+};
-+
-+
- static const USBDescIface desc_iface_wacom = {
-     .bInterfaceNumber              = 0,
-     .bNumEndpoints                 = 1,
-@@ -86,7 +169,7 @@ static const USBDescIface desc_iface_wac
-                 0x00,          /*  u8  country_code */
-                 0x01,          /*  u8  num_descriptors */
-                 USB_DT_REPORT, /*  u8  type: Report */
-                0x6e, 0,       /*  u16 len */
-+                sizeof(qemu_tablet_hid_report_descriptor), 0,       /*  u16 len */
-             },
-         },
-     },
-@@ -266,6 +349,15 @@ static void usb_wacom_handle_control(USB
-     }
- 
-     switch (request) {
-+    case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
-+        switch (value >> 8) {
-+        case 0x22:
-+                memcpy(data, qemu_tablet_hid_report_descriptor,
-+                       sizeof(qemu_tablet_hid_report_descriptor));
-+                p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
-+            break;
-+        }
-+        break;
-     case WACOM_SET_REPORT:
-         if (s->mouse_grabbed) {
-             qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch
deleted file mode 100644
index 5cb5757c37..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a4bdc0416134477e4eae386db04b1de7491163bb Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 14 Jan 2021 06:33:04 +0000
-Subject: [PATCH] tests/meson.build: use relative path to refer to files
-Fix error like:
-Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long
-when build path is too long, use meson.source_root() will make this
-filename too long. Fixed by using relative path to refer to files
-Upstream-Status: Submitted [send to qemu-devel]
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- tests/meson.build   | 2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-diff --git a/tests/meson.build b/tests/meson.build
-index afeb6be..54684b5 100644
--- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -113,7 +113,7 @@ tests = {
-   'test-keyval': [testqapi],
-   'test-logging': [],
-   'test-uuid': [],
-  'ptimer-test': ['ptimer-test-stubs.c', meson.source_root() / 'hw/core/ptimer.c'],
-+  'ptimer-test': ['ptimer-test-stubs.c', '../hw/core/ptimer.c'],
-   'test-qapi-util': [],
- }
- 
-- 
-2.29.2
diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch
new file mode 100644
index 0000000000..ceae67be64
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch
@@ -0,0 +1,355 @@
+From 71f14902256e3c3529710b713e1ea43100bf4c40 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 17 Dec 2022 08:37:46 -0800
+Subject: [PATCH 2/2] linux-user: Replace use of lfs64 related functions and
+ macros
+Builds defines -D_FILE_OFFSET_BITS=64 which makes the original functions
+anf macros behave same as their 64 suffixed counterparts. This also
+helps in compiling with latest musl C library, where these macros and
+functions are no more available under _GNU_SOURCE feature macro
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2022-12/msg02841.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Cc: Laurent Vivier <laurent@vivier.eu>
+---
+ linux-user/syscall.c | 153 +++++++++++--------------------------------
+ 1 file changed, 39 insertions(+), 114 deletions(-)
+Index: qemu-8.0.0/linux-user/syscall.c
+===================================================================
+--- qemu-8.0.0.orig/linux-user/syscall.c
+++ qemu-8.0.0/linux-user/syscall.c
+@@ -761,8 +761,8 @@ safe_syscall6(ssize_t, copy_file_range,
+  */
+ #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
+ /* Similarly for fcntl. Note that callers must always:
+- *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
+- *  use the flock64 struct rather than unsuffixed flock
+ *  pass the F_GETLK etc constants rather than the unsuffixed F_GETLK
+ *  use the flock struct rather than unsuffixed flock
+  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
+  */
+ #ifdef __NR_fcntl64
+@@ -6813,13 +6813,13 @@ static int target_to_host_fcntl_cmd(int
+         ret = cmd;
+         break;
+     case TARGET_F_GETLK:
+-        ret = F_GETLK64;
+        ret = F_GETLK;
+         break;
+     case TARGET_F_SETLK:
+-        ret = F_SETLK64;
+        ret = F_SETLK;
+         break;
+     case TARGET_F_SETLKW:
+-        ret = F_SETLKW64;
+        ret = F_SETLKW;
+         break;
+     case TARGET_F_GETOWN:
+         ret = F_GETOWN;
+@@ -6833,17 +6833,6 @@ static int target_to_host_fcntl_cmd(int
+     case TARGET_F_SETSIG:
+         ret = F_SETSIG;
+         break;
+-#if TARGET_ABI_BITS == 32
+-    case TARGET_F_GETLK64:
+-        ret = F_GETLK64;
+-        break;
+-    case TARGET_F_SETLK64:
+-        ret = F_SETLK64;
+-        break;
+-    case TARGET_F_SETLKW64:
+-        ret = F_SETLKW64;
+-        break;
+-#endif
+     case TARGET_F_SETLEASE:
+         ret = F_SETLEASE;
+         break;
+@@ -6895,8 +6884,8 @@ static int target_to_host_fcntl_cmd(int
+      * them to 5, 6 and 7 before making the syscall(). Since we make the
+      * syscall directly, adjust to what is supported by the kernel.
+      */
+-    if (ret >= F_GETLK64 && ret <= F_SETLKW64) {
+-        ret -= F_GETLK64 - 5;
+    if (ret >= F_GETLK && ret <= F_SETLKW) {
+        ret -= F_GETLK - 5;
+     }
+ #endif
+ 
+@@ -6929,55 +6918,11 @@ static int host_to_target_flock(int type
+     return type;
+ }
+ 
+-static inline abi_long copy_from_user_flock(struct flock64 *fl,
+-                                            abi_ulong target_flock_addr)
+-{
+-    struct target_flock *target_fl;
+-    int l_type;
+-
+-    if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
+-        return -TARGET_EFAULT;
+-    }
+-
+-    __get_user(l_type, &target_fl->l_type);
+-    l_type = target_to_host_flock(l_type);
+-    if (l_type < 0) {
+-        return l_type;
+-    }
+-    fl->l_type = l_type;
+-    __get_user(fl->l_whence, &target_fl->l_whence);
+-    __get_user(fl->l_start, &target_fl->l_start);
+-    __get_user(fl->l_len, &target_fl->l_len);
+-    __get_user(fl->l_pid, &target_fl->l_pid);
+-    unlock_user_struct(target_fl, target_flock_addr, 0);
+-    return 0;
+-}
+-
+-static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
+-                                          const struct flock64 *fl)
+-{
+-    struct target_flock *target_fl;
+-    short l_type;
+-
+-    if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
+-        return -TARGET_EFAULT;
+-    }
+-
+-    l_type = host_to_target_flock(fl->l_type);
+-    __put_user(l_type, &target_fl->l_type);
+-    __put_user(fl->l_whence, &target_fl->l_whence);
+-    __put_user(fl->l_start, &target_fl->l_start);
+-    __put_user(fl->l_len, &target_fl->l_len);
+-    __put_user(fl->l_pid, &target_fl->l_pid);
+-    unlock_user_struct(target_fl, target_flock_addr, 1);
+-    return 0;
+-}
+-
+-typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
+-typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
+typedef abi_long from_flock_fn(struct flock *fl, abi_ulong target_addr);
+typedef abi_long to_flock_fn(abi_ulong target_addr, const struct flock *fl);
+ 
+ #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
+-struct target_oabi_flock64 {
+struct target_oabi_flock {
+     abi_short l_type;
+     abi_short l_whence;
+     abi_llong l_start;
+@@ -6985,10 +6930,10 @@ struct target_oabi_flock64 {
+     abi_int   l_pid;
+ } QEMU_PACKED;
+ 
+-static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl,
+static inline abi_long copy_from_user_oabi_flock(struct flock *fl,
+                                                    abi_ulong target_flock_addr)
+ {
+-    struct target_oabi_flock64 *target_fl;
+    struct target_oabi_flock *target_fl;
+     int l_type;
+ 
+     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
+@@ -7009,10 +6954,10 @@ static inline abi_long copy_from_user_oa
+     return 0;
+ }
+ 
+-static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr,
+-                                                 const struct flock64 *fl)
+static inline abi_long copy_to_user_oabi_flock(abi_ulong target_flock_addr,
+                                                 const struct flock *fl)
+ {
+-    struct target_oabi_flock64 *target_fl;
+    struct target_oabi_flock *target_fl;
+     short l_type;
+ 
+     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
+@@ -7030,10 +6975,10 @@ static inline abi_long copy_to_user_oabi
+ }
+ #endif
+ 
+-static inline abi_long copy_from_user_flock64(struct flock64 *fl,
+static inline abi_long copy_from_user_flock(struct flock *fl,
+                                               abi_ulong target_flock_addr)
+ {
+-    struct target_flock64 *target_fl;
+    struct target_flock *target_fl;
+     int l_type;
+ 
+     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
+@@ -7054,10 +6999,10 @@ static inline abi_long copy_from_user_fl
+     return 0;
+ }
+ 
+-static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
+-                                            const struct flock64 *fl)
+static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
+                                            const struct flock *fl)
+ {
+-    struct target_flock64 *target_fl;
+    struct target_flock *target_fl;
+     short l_type;
+ 
+     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
+@@ -7076,7 +7021,7 @@ static inline abi_long copy_to_user_floc
+ 
+ static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
+ {
+-    struct flock64 fl64;
+    struct flock fl64;
+ #ifdef F_GETOWN_EX
+     struct f_owner_ex fox;
+     struct target_f_owner_ex *target_fox;
+@@ -7089,6 +7034,7 @@ static abi_long do_fcntl(int fd, int cmd
+ 
+     switch(cmd) {
+     case TARGET_F_GETLK:
+    case TARGET_F_OFD_GETLK:
+         ret = copy_from_user_flock(&fl64, arg);
+         if (ret) {
+             return ret;
+@@ -7098,32 +7044,11 @@ static abi_long do_fcntl(int fd, int cmd
+             ret = copy_to_user_flock(arg, &fl64);
+         }
+         break;
+-
+     case TARGET_F_SETLK:
+     case TARGET_F_SETLKW:
+-        ret = copy_from_user_flock(&fl64, arg);
+-        if (ret) {
+-            return ret;
+-        }
+-        ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
+-        break;
+-
+-    case TARGET_F_GETLK64:
+-    case TARGET_F_OFD_GETLK:
+-        ret = copy_from_user_flock64(&fl64, arg);
+-        if (ret) {
+-            return ret;
+-        }
+-        ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
+-        if (ret == 0) {
+-            ret = copy_to_user_flock64(arg, &fl64);
+-        }
+-        break;
+-    case TARGET_F_SETLK64:
+-    case TARGET_F_SETLKW64:
+     case TARGET_F_OFD_SETLK:
+     case TARGET_F_OFD_SETLKW:
+-        ret = copy_from_user_flock64(&fl64, arg);
+        ret = copy_from_user_flock(&fl64, arg);
+         if (ret) {
+             return ret;
+         }
+@@ -7348,7 +7273,7 @@ static inline abi_long target_truncate64
+         arg2 = arg3;
+         arg3 = arg4;
+     }
+-    return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
+    return get_errno(truncate(arg1, target_offset64(arg2, arg3)));
+ }
+ #endif
+ 
+@@ -7362,7 +7287,7 @@ static inline abi_long target_ftruncate6
+         arg2 = arg3;
+         arg3 = arg4;
+     }
+-    return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
+    return get_errno(ftruncate(arg1, target_offset64(arg2, arg3)));
+ }
+ #endif
+ 
+@@ -8598,7 +8523,7 @@ static int do_getdents(abi_long dirfd, a
+     void *tdirp;
+     int hlen, hoff, toff;
+     int hreclen, treclen;
+-    off64_t prev_diroff = 0;
+    off_t prev_diroff = 0;
+ 
+     hdirp = g_try_malloc(count);
+     if (!hdirp) {
+@@ -8651,7 +8576,7 @@ static int do_getdents(abi_long dirfd, a
+              * Return what we have, resetting the file pointer to the
+              * location of the first record not returned.
+              */
+-            lseek64(dirfd, prev_diroff, SEEK_SET);
+            lseek(dirfd, prev_diroff, SEEK_SET);
+             break;
+         }
+ 
+@@ -8685,7 +8610,7 @@ static int do_getdents64(abi_long dirfd,
+     void *tdirp;
+     int hlen, hoff, toff;
+     int hreclen, treclen;
+-    off64_t prev_diroff = 0;
+    off_t prev_diroff = 0;
+ 
+     hdirp = g_try_malloc(count);
+     if (!hdirp) {
+@@ -8727,7 +8652,7 @@ static int do_getdents64(abi_long dirfd,
+              * Return what we have, resetting the file pointer to the
+              * location of the first record not returned.
+              */
+-            lseek64(dirfd, prev_diroff, SEEK_SET);
+            lseek(dirfd, prev_diroff, SEEK_SET);
+             break;
+         }
+ 
+@@ -11158,7 +11083,7 @@ static abi_long do_syscall1(CPUArchState
+                 return -TARGET_EFAULT;
+             }
+         }
+-        ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
+        ret = get_errno(pread(arg1, p, arg3, target_offset64(arg4, arg5)));
+         unlock_user(p, arg2, ret);
+         return ret;
+     case TARGET_NR_pwrite64:
+@@ -11175,7 +11100,7 @@ static abi_long do_syscall1(CPUArchState
+                 return -TARGET_EFAULT;
+             }
+         }
+-        ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
+        ret = get_errno(pwrite(arg1, p, arg3, target_offset64(arg4, arg5)));
+         unlock_user(p, arg2, 0);
+         return ret;
+ #endif
+@@ -11998,14 +11923,14 @@ static abi_long do_syscall1(CPUArchState
+     case TARGET_NR_fcntl64:
+     {
+         int cmd;
+-        struct flock64 fl;
+-        from_flock64_fn *copyfrom = copy_from_user_flock64;
+-        to_flock64_fn *copyto = copy_to_user_flock64;
+        struct flock fl;
+        from_flock_fn *copyfrom = copy_from_user_flock;
+        to_flock_fn *copyto = copy_to_user_flock;
+ 
+ #ifdef TARGET_ARM
+         if (!cpu_env->eabi) {
+-            copyfrom = copy_from_user_oabi_flock64;
+-            copyto = copy_to_user_oabi_flock64;
+            copyfrom = copy_from_user_oabi_flock;
+            copyto = copy_to_user_oabi_flock;
+         }
+ #endif
+ 
+@@ -12015,7 +11940,7 @@ static abi_long do_syscall1(CPUArchState
+         }
+ 
+         switch(arg2) {
+-        case TARGET_F_GETLK64:
+        case TARGET_F_GETLK:
+             ret = copyfrom(&fl, arg3);
+             if (ret) {
+                 break;
+@@ -12026,8 +11951,8 @@ static abi_long do_syscall1(CPUArchState
+             }
+            break;
+ 
+-        case TARGET_F_SETLK64:
+-        case TARGET_F_SETLKW64:
+        case TARGET_F_SETLK:
+        case TARGET_F_SETLKW:
+             ret = copyfrom(&fl, arg3);
+             if (ret) {
+                 break;
diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch
new file mode 100644
index 0000000000..3f01aaa644
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch
@@ -0,0 +1,43 @@
+From 5bf65b24414d3ff8339f6f1beb221c7c35c91e5d Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Wed, 28 Feb 2024 10:25:15 -1000
+Subject: [PATCH 2/5] linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA
+The kernel abi was changed with
+    commit d23b77953f5a4fbf94c05157b186aac2a247ae32
+    Author: Huacai Chen <chenhuacai@kernel.org>
+    Date:   Wed Jan 17 12:43:08 2024 +0800
+        LoongArch: Change SHMLBA from SZ_64K to PAGE_SIZE
+during the v6.8 cycle.
+Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
+Reviewed-by: Song Gao <gaosong@loongson.cn>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ linux-user/loongarch64/target_syscall.h | 7 -------
+ 1 file changed, 7 deletions(-)
+diff --git a/linux-user/loongarch64/target_syscall.h b/linux-user/loongarch64/target_syscall.h
+index 8b5de5212..39f229bb9 100644
+--- a/linux-user/loongarch64/target_syscall.h
+++ b/linux-user/loongarch64/target_syscall.h
+@@ -38,11 +38,4 @@ struct target_pt_regs {
+ #define TARGET_MCL_FUTURE  2
+ #define TARGET_MCL_ONFAULT 4
+ 
+-#define TARGET_FORCE_SHMLBA
+-
+-static inline abi_ulong target_shmlba(CPULoongArchState *env)
+-{
+-    return 64 * KiB;
+-}
+-
+ #endif
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch
index 294cf5129f..e85f8202e9 100644
--- a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
+++ b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch
@@ -1,7 +1,7 @@
-From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001
+From dc2a8ccd440ee3741b61606eafed3f7e092f4312 Mon Sep 17 00:00:00 2001
 From: Mark Asselstine <mark.asselstine@windriver.com>
 Date: Tue, 26 Feb 2013 11:43:28 -0500
-Subject: [PATCH] apic: fixup fallthrough to PIC
+Subject: [PATCH 03/12] apic: fixup fallthrough to PIC
 Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
 interrupts through the local APIC if the local APIC config says so.]
@@ -29,11 +29,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
 hw/intc/apic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-Index: qemu-5.2.0/hw/intc/apic.c
+Index: qemu-8.0.0/hw/intc/apic.c
 ===================================================================
--- qemu-5.2.0.orig/hw/intc/apic.c
+--- qemu-8.0.0.orig/hw/intc/apic.c
-+++ qemu-5.2.0/hw/intc/apic.c
+++ qemu-8.0.0/hw/intc/apic.c
-@@ -605,7 +605,7 @@ int apic_accept_pic_intr(DeviceState *de
+@@ -607,7 +607,7 @@ int apic_accept_pic_intr(DeviceState *de
     APICCommonState *s = APIC(dev);
     uint32_t lvt0;
 
diff --git a/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch
new file mode 100644
index 0000000000..0c601c804a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch
@@ -0,0 +1,71 @@
+From e8f06676c6c88e12cd5f4f81a839b7111c683596 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Wed, 28 Feb 2024 10:25:16 -1000
+Subject: [PATCH 3/5] linux-user: Add strace for shmat
+Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ linux-user/strace.c    | 23 +++++++++++++++++++++++
+ linux-user/strace.list |  2 +-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+diff --git a/linux-user/strace.c b/linux-user/strace.c
+index cf26e5526..47d6ec326 100644
+--- a/linux-user/strace.c
+++ b/linux-user/strace.c
+@@ -670,6 +670,25 @@ print_semctl(CPUArchState *cpu_env, const struct syscallname *name,
+ }
+ #endif
+ 
+static void
+print_shmat(CPUArchState *cpu_env, const struct syscallname *name,
+            abi_long arg0, abi_long arg1, abi_long arg2,
+            abi_long arg3, abi_long arg4, abi_long arg5)
+{
+    static const struct flags shmat_flags[] = {
+        FLAG_GENERIC(SHM_RND),
+        FLAG_GENERIC(SHM_REMAP),
+        FLAG_GENERIC(SHM_RDONLY),
+        FLAG_GENERIC(SHM_EXEC),
+    };
+
+    print_syscall_prologue(name);
+    print_raw_param(TARGET_ABI_FMT_ld, arg0, 0);
+    print_pointer(arg1, 0);
+    print_flags(shmat_flags, arg2, 1);
+    print_syscall_epilogue(name);
+}
+
+ #ifdef TARGET_NR_ipc
+ static void
+ print_ipc(CPUArchState *cpu_env, const struct syscallname *name,
+@@ -683,6 +702,10 @@ print_ipc(CPUArchState *cpu_env, const struct syscallname *name,
+         print_ipc_cmd(arg3);
+         qemu_log(",0x" TARGET_ABI_FMT_lx ")", arg4);
+         break;
+    case IPCOP_shmat:
+        print_shmat(cpu_env, &(const struct syscallname){ .name = "shmat" },
+                    arg1, arg4, arg2, 0, 0, 0);
+        break;
+     default:
+         qemu_log(("%s("
+                   TARGET_ABI_FMT_ld ","
+diff --git a/linux-user/strace.list b/linux-user/strace.list
+index 6655d4f26..dfd4237d1 100644
+--- a/linux-user/strace.list
+++ b/linux-user/strace.list
+@@ -1398,7 +1398,7 @@
+ { TARGET_NR_sgetmask, "sgetmask" , NULL, NULL, NULL },
+ #endif
+ #ifdef TARGET_NR_shmat
+-{ TARGET_NR_shmat, "shmat" , NULL, NULL, print_syscall_ret_addr },
+{ TARGET_NR_shmat, "shmat" , NULL, print_shmat, print_syscall_ret_addr },
+ #endif
+ #ifdef TARGET_NR_shmctl
+ { TARGET_NR_shmctl, "shmctl" , NULL, NULL, NULL },
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch
new file mode 100644
index 0000000000..f981a64a54
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch
@@ -0,0 +1,29 @@
+From d8265abdce5dc2bf74b3fccdf2b7257b4f3894f0 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Wed, 28 Aug 2019 19:56:28 +0800
+Subject: [PATCH 04/12] configure: Add pkg-config handling for libgcrypt
+libgcrypt may also be controlled by pkg-config, this patch adds pkg-config
+handling for libgcrypt.
+Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: qemu-8.1.0/meson.build
+===================================================================
+--- qemu-8.1.0.orig/meson.build
+++ qemu-8.1.0/meson.build
+@@ -1481,7 +1481,7 @@ endif
+ if not gnutls_crypto.found()
+   if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled()
+     gcrypt = dependency('libgcrypt', version: '>=1.8',
+-                        method: 'config-tool',
+                        method: 'pkg-config',
+                         required: get_option('gcrypt'))
+     # Debian has removed -lgpg-error from libgcrypt-config
+     # as it "spreads unnecessary dependencies" which in
diff --git a/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch
new file mode 100644
index 0000000000..88c3ed40b0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch
@@ -0,0 +1,236 @@
+From cb48d5d1592e63ebd0d4a3e300ef98e38e6306d7 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Wed, 28 Feb 2024 10:25:17 -1000
+Subject: [PATCH 4/5] linux-user: Rewrite target_shmat
+Handle combined host and guest alignment requirements.
+Handle host and guest page size differences.
+Handle SHM_EXEC.
+Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/115
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ linux-user/mmap.c | 166 +++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 133 insertions(+), 33 deletions(-)
+diff --git a/linux-user/mmap.c b/linux-user/mmap.c
+index 18fb3aaf7..6a2f649bb 100644
+--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
+@@ -1062,69 +1062,161 @@ static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
+ }
+ #endif
+ 
+#if defined(__arm__) || defined(__mips__) || defined(__sparc__)
+#define HOST_FORCE_SHMLBA 1
+#else
+#define HOST_FORCE_SHMLBA 0
+#endif
+
+ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid,
+                        abi_ulong shmaddr, int shmflg)
+ {
+     CPUState *cpu = env_cpu(cpu_env);
+-    abi_ulong raddr;
+     struct shmid_ds shm_info;
+     int ret;
+-    abi_ulong shmlba;
+    int h_pagesize;
+    int t_shmlba, h_shmlba, m_shmlba;
+    size_t t_len, h_len, m_len;
+ 
+     /* shmat pointers are always untagged */
+ 
+-    /* find out the length of the shared memory segment */
+    /*
+     * Because we can't use host shmat() unless the address is sufficiently
+     * aligned for the host, we'll need to check both.
+     * TODO: Could be fixed with softmmu.
+     */
+    t_shmlba = target_shmlba(cpu_env);
+    h_pagesize = qemu_real_host_page_size();
+    h_shmlba = (HOST_FORCE_SHMLBA ? SHMLBA : h_pagesize);
+    m_shmlba = MAX(t_shmlba, h_shmlba);
+
+    if (shmaddr) {
+        if (shmaddr & (m_shmlba - 1)) {
+            if (shmflg & SHM_RND) {
+                /*
+                 * The guest is allowing the kernel to round the address.
+                 * Assume that the guest is ok with us rounding to the
+                 * host required alignment too.  Anyway if we don't, we'll
+                 * get an error from the kernel.
+                 */
+                shmaddr &= ~(m_shmlba - 1);
+                if (shmaddr == 0 && (shmflg & SHM_REMAP)) {
+                    return -TARGET_EINVAL;
+                }
+            } else {
+                int require = TARGET_PAGE_SIZE;
+#ifdef TARGET_FORCE_SHMLBA
+                require = t_shmlba;
+#endif
+                /*
+                 * Include host required alignment, as otherwise we cannot
+                 * use host shmat at all.
+                 */
+                require = MAX(require, h_shmlba);
+                if (shmaddr & (require - 1)) {
+                    return -TARGET_EINVAL;
+                }
+            }
+        }
+    } else {
+        if (shmflg & SHM_REMAP) {
+            return -TARGET_EINVAL;
+        }
+    }
+    /* All rounding now manually concluded. */
+    shmflg &= ~SHM_RND;
+
+    /* Find out the length of the shared memory segment. */
+     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
+     if (is_error(ret)) {
+         /* can't get length, bail out */
+         return ret;
+     }
+    t_len = TARGET_PAGE_ALIGN(shm_info.shm_segsz);
+    h_len = ROUND_UP(shm_info.shm_segsz, h_pagesize);
+    m_len = MAX(t_len, h_len);
+ 
+-    shmlba = target_shmlba(cpu_env);
+-
+-    if (shmaddr & (shmlba - 1)) {
+-        if (shmflg & SHM_RND) {
+-            shmaddr &= ~(shmlba - 1);
+-        } else {
+-            return -TARGET_EINVAL;
+-        }
+-    }
+-    if (!guest_range_valid_untagged(shmaddr, shm_info.shm_segsz)) {
+    if (!guest_range_valid_untagged(shmaddr, m_len)) {
+         return -TARGET_EINVAL;
+     }
+ 
+     WITH_MMAP_LOCK_GUARD() {
+-        void *host_raddr;
+        bool mapped = false;
+        void *want, *test;
+         abi_ulong last;
+ 
+-        if (shmaddr) {
+-            host_raddr = shmat(shmid, (void *)g2h_untagged(shmaddr), shmflg);
+        if (!shmaddr) {
+            shmaddr = mmap_find_vma(0, m_len, m_shmlba);
+            if (shmaddr == -1) {
+                return -TARGET_ENOMEM;
+            }
+            mapped = !reserved_va;
+        } else if (shmflg & SHM_REMAP) {
+            /*
+             * If host page size > target page size, the host shmat may map
+             * more memory than the guest expects.  Reject a mapping that
+             * would replace memory in the unexpected gap.
+             * TODO: Could be fixed with softmmu.
+             */
+            if (t_len < h_len &&
+                !page_check_range_empty(shmaddr + t_len,
+                                        shmaddr + h_len - 1)) {
+                return -TARGET_EINVAL;
+            }
+         } else {
+-            abi_ulong mmap_start;
+            if (!page_check_range_empty(shmaddr, shmaddr + m_len - 1)) {
+                return -TARGET_EINVAL;
+            }
+        }
+ 
+-            /* In order to use the host shmat, we need to honor host SHMLBA.  */
+-            mmap_start = mmap_find_vma(0, shm_info.shm_segsz,
+-                                       MAX(SHMLBA, shmlba));
+        /* All placement is now complete. */
+        want = (void *)g2h_untagged(shmaddr);
+ 
+-            if (mmap_start == -1) {
+-                return -TARGET_ENOMEM;
+        /*
+         * Map anonymous pages across the entire range, then remap with
+         * the shared memory.  This is required for a number of corner
+         * cases for which host and guest page sizes differ.
+         */
+        if (h_len != t_len) {
+            int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE);
+            int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS
+                       | (reserved_va || (shmflg & SHM_REMAP)
+                          ? MAP_FIXED : MAP_FIXED_NOREPLACE);
+
+            test = mmap(want, m_len, mmap_p, mmap_f, -1, 0);
+            if (unlikely(test != want)) {
+                /* shmat returns EINVAL not EEXIST like mmap. */
+                ret = (test == MAP_FAILED && errno != EEXIST
+                       ? get_errno(-1) : -TARGET_EINVAL);
+                if (mapped) {
+                    do_munmap(want, m_len);
+                }
+                return ret;
+             }
+-            host_raddr = shmat(shmid, g2h_untagged(mmap_start),
+-                               shmflg | SHM_REMAP);
+            mapped = true;
+         }
+ 
+-        if (host_raddr == (void *)-1) {
+-            return get_errno(-1);
+        if (reserved_va || mapped) {
+            shmflg |= SHM_REMAP;
+        }
+        test = shmat(shmid, want, shmflg);
+        if (test == MAP_FAILED) {
+            ret = get_errno(-1);
+            if (mapped) {
+                do_munmap(want, m_len);
+            }
+            return ret;
+         }
+-        raddr = h2g(host_raddr);
+-        last = raddr + shm_info.shm_segsz - 1;
+        assert(test == want);
+ 
+-        page_set_flags(raddr, last,
+        last = shmaddr + m_len - 1;
+        page_set_flags(shmaddr, last,
+                        PAGE_VALID | PAGE_RESET | PAGE_READ |
+-                       (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE));
+                       (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE) |
+                       (shmflg & SHM_EXEC ? PAGE_EXEC : 0));
+ 
+-        shm_region_rm_complete(raddr, last);
+-        shm_region_add(raddr, last);
+        shm_region_rm_complete(shmaddr, last);
+        shm_region_add(shmaddr, last);
+     }
+ 
+     /*
+@@ -1138,7 +1230,15 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid,
+         tb_flush(cpu);
+     }
+ 
+-    return raddr;
+    if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
+        FILE *f = qemu_log_trylock();
+        if (f) {
+            fprintf(f, "page layout changed following shmat\n");
+            page_dump(f);
+            qemu_log_unlock(f);
+        }
+    }
+    return shmaddr;
+ }
+ 
+ abi_long target_shmdt(abi_ulong shmaddr)
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
deleted file mode 100644
index a0bd1c5ebc..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 20 Oct 2015 22:19:08 +0100
-Subject: [PATCH] qemu: disable Valgrind
-There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
---
- configure | 9 ---------
- 1 file changed, 9 deletions(-)
-Index: qemu-5.2.0/configure
-===================================================================
--- qemu-5.2.0.orig/configure
-+++ qemu-5.2.0/configure
-@@ -5001,15 +5001,6 @@ fi
- # check if we have valgrind/valgrind.h
- 
- valgrind_h=no
-cat > $TMPC << EOF
-#include <valgrind/valgrind.h>
-int main(void) {
-  return 0;
-}
-EOF
-if compile_prog "" "" ; then
-    valgrind_h=yes
-fi
- 
- ########################################
- # check if environ is declared
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch
index 3fe9aa6eb5..38aa4c3bbe 100644
--- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
+++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch
@@ -1,7 +1,7 @@
-From 34247f83095f8cdcdc1f9d7f0c6ffbd46b25d979 Mon Sep 17 00:00:00 2001
+From f39e7bfc5ed07b5ecaeb705c4eae4855ca120d47 Mon Sep 17 00:00:00 2001
 From: Oleksiy Obitotskyy <oobitots@cisco.com>
 Date: Wed, 25 Mar 2020 21:21:35 +0200
-Subject: [PATCH] qemu: Do not include file if not exists
+Subject: [PATCH 05/12] qemu: Do not include file if not exists
 Script configure checks for if_alg.h and check failed but
 if_alg.h still included.
@@ -11,15 +11,16 @@ Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
 [update patch context]
 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
 ---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)
-Index: qemu-5.2.0/linux-user/syscall.c
+Index: qemu-8.0.0/linux-user/syscall.c
 ===================================================================
--- qemu-5.2.0.orig/linux-user/syscall.c
+--- qemu-8.0.0.orig/linux-user/syscall.c
-+++ qemu-5.2.0/linux-user/syscall.c
+++ qemu-8.0.0/linux-user/syscall.c
-@@ -109,7 +109,9 @@
+@@ -115,7 +115,9 @@
 #include <linux/blkpg.h>
 #include <netpacket/packet.h>
 #include <linux/netlink.h>
@@ -28,4 +29,4 @@ Index: qemu-5.2.0/linux-user/syscall.c
 +#endif
 #include <linux/rtc.h>
 #include <sound/asound.h>
- #ifdef CONFIG_BTRFS
+ #ifdef HAVE_BTRFS_H
diff --git a/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch
new file mode 100644
index 0000000000..5afb35ea0c
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch
@@ -0,0 +1,85 @@
+From 1234063488134ad1f541f56dd30caa7896905f06 Mon Sep 17 00:00:00 2001
+From: Ilya Leoshkevich <iii@linux.ibm.com>
+Date: Wed, 28 Feb 2024 10:25:18 -1000
+Subject: [PATCH 5/5] tests/tcg: Check that shmat() does not break
+ /proc/self/maps
+Add a regression test for a recently fixed issue, where shmat()
+desynced the guest and the host view of the address space and caused
+open("/proc/self/maps") to SEGV.
+Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
+Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Message-Id: <jwyuvao4apydvykmsnvacwshdgy3ixv7qvkh4dbxm3jkwgnttw@k4wpaayou7oq>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ tests/tcg/multiarch/linux/linux-shmat-maps.c | 55 ++++++++++++++++++++
+ 1 file changed, 55 insertions(+)
+ create mode 100644 tests/tcg/multiarch/linux/linux-shmat-maps.c
+diff --git a/tests/tcg/multiarch/linux/linux-shmat-maps.c b/tests/tcg/multiarch/linux/linux-shmat-maps.c
+new file mode 100644
+index 000000000..0ccf7a973
+--- /dev/null
+++ b/tests/tcg/multiarch/linux/linux-shmat-maps.c
+@@ -0,0 +1,55 @@
+/*
+ * Test that shmat() does not break /proc/self/maps.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include <assert.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <sys/ipc.h>
+#include <sys/shm.h>
+#include <unistd.h>
+
+int main(void)
+{
+    char buf[128];
+    int err, fd;
+    int shmid;
+    ssize_t n;
+    void *p;
+
+    shmid = shmget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
+    assert(shmid != -1);
+
+    /*
+     * The original bug required a non-NULL address, which skipped the
+     * mmap_find_vma step, which could result in a host mapping smaller
+     * than the target mapping.  Choose an address at random.
+     */
+    p = shmat(shmid, (void *)0x800000, SHM_RND);
+    if (p == (void *)-1) {
+        /*
+         * Because we are now running the testcase for all guests for which
+         * we have a cross-compiler, the above random address might conflict
+         * with the guest executable in some way.  Rather than stopping,
+         * continue with a system supplied address, which should never fail.
+         */
+        p = shmat(shmid, NULL, 0);
+        assert(p != (void *)-1);
+    }
+
+    fd = open("/proc/self/maps", O_RDONLY);
+    assert(fd != -1);
+    do {
+        n = read(fd, buf, sizeof(buf));
+        assert(n >= 0);
+    } while (n != 0);
+    close(fd);
+
+    err = shmdt(p);
+    assert(err == 0);
+    err = shmctl(shmid, IPC_RMID, NULL);
+    assert(err == 0);
+
+    return EXIT_SUCCESS;
+}
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
deleted file mode 100644
index 201125c1f4..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
+++ /dev/null
@@ -1,243 +0,0 @@
-From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@xilinx.com>
-Date: Thu, 21 Dec 2017 11:35:16 -0800
-Subject: [PATCH] chardev: connect socket to a spawned command
-The command is started in a shell (sh -c) with stdin connect to QEMU
-via a Unix domain stream socket. QEMU then exchanges data via its own
-end of the socket, just like it normally does.
-"-chardev socket" supports some ways of connecting via protocols like
-telnet, but that is only a subset of the functionality supported by
-tools socat. To use socat instead, for example to connect via a socks
-proxy, use:
-  -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \
-  -device usb-serial,chardev=socat
-Beware that commas in the command must be escaped as double commas.
-Or interactively in the console:
-   (qemu) chardev-add socket,id=cat,cmd=cat
-   (qemu) device_add usb-serial,chardev=cat
-   ^ac
-   # cat >/dev/ttyUSB0
-   hello
-   hello
-Another usage is starting swtpm from inside QEMU. swtpm will
-automatically shut down once it looses the connection to the parent
-QEMU, so there is no risk of lingering processes:
-  -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \
-  -tpmdev emulator,id=tpm0,chardev=chrtpm0 \
-  -device tpm-tis,tpmdev=tpm0
-The patch was discussed upstream, but QEMU developers believe that the
-code calling QEMU should be responsible for managing additional
-processes. In OE-core, that would imply enhancing runqemu and
-oeqa. This patch is a simpler solution.
-Because it is not going upstream, the patch was written so that it is
-as simple as possible.
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
- chardev/char.c        |   3 ++
- qapi/char.json        |   5 +++
- 3 files changed, 109 insertions(+)
-Index: qemu-5.2.0/chardev/char-socket.c
-===================================================================
--- qemu-5.2.0.orig/chardev/char-socket.c
-+++ qemu-5.2.0/chardev/char-socket.c
-@@ -1308,6 +1308,67 @@ static bool qmp_chardev_validate_socket(
-     return true;
- }
- 
-+#ifndef _WIN32
-+static void chardev_open_socket_cmd(Chardev *chr,
-+                                    const char *cmd,
-+                                    Error **errp)
-+{
-+    int fds[2] = { -1, -1 };
-+    QIOChannelSocket *sioc = NULL;
-+    pid_t pid = -1;
-+    const char *argv[] = { "/bin/sh", "-c", cmd, NULL };
-+
-+    /*
-+     * We need a Unix domain socket for commands like swtpm and a single
-+     * connection, therefore we cannot use qio_channel_command_new_spawn()
-+     * without patching it first. Duplicating the functionality is easier.
-+     */
-+    if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) {
-+        error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)");
-+        goto error;
-+    }
-+
-+    pid = qemu_fork(errp);
-+    if (pid < 0) {
-+        goto error;
-+    }
-+
-+    if (!pid) {
-+        /* child */
-+        dup2(fds[1], STDIN_FILENO);
-+        execv(argv[0], (char * const *)argv);
-+        _exit(1);
-+    }
-+
-+    /*
-+     * Hand over our end of the socket pair to the qio channel.
-+     *
-+     * We don't reap the child because it is expected to keep
-+     * running. We also don't support the "reconnect" option for the
-+     * same reason.
-+     */
-+    sioc = qio_channel_socket_new_fd(fds[0], errp);
-+    if (!sioc) {
-+        goto error;
-+    }
-+    fds[0] = -1;
-+
-+    g_free(chr->filename);
-+    chr->filename = g_strdup_printf("cmd:%s", cmd);
-+    tcp_chr_new_client(chr, sioc);
-+
-+ error:
-+    if (fds[0] >= 0) {
-+        close(fds[0]);
-+    }
-+    if (fds[1] >= 0) {
-+        close(fds[1]);
-+    }
-+    if (sioc) {
-+        object_unref(OBJECT(sioc));
-+    }
-+}
-+#endif
- 
- static void qmp_chardev_open_socket(Chardev *chr,
-                                     ChardevBackend *backend,
-@@ -1316,6 +1377,9 @@ static void qmp_chardev_open_socket(Char
- {
-     SocketChardev *s = SOCKET_CHARDEV(chr);
-     ChardevSocket *sock = backend->u.socket.data;
-+#ifndef _WIN32
-+    const char *cmd     = sock->cmd;
-+#endif
-     bool do_nodelay     = sock->has_nodelay ? sock->nodelay : false;
-     bool is_listen      = sock->has_server  ? sock->server  : true;
-     bool is_telnet      = sock->has_telnet  ? sock->telnet  : false;
-@@ -1381,6 +1445,14 @@ static void qmp_chardev_open_socket(Char
- 
-     update_disconnected_filename(s);
- 
-+#ifndef _WIN32
-+    if (cmd) {
-+        chardev_open_socket_cmd(chr, cmd, errp);
-+
-+        /* everything ready (or failed permanently) before we return */
-+        *be_opened = true;
-+    } else
-+#endif
-     if (s->is_listen) {
-         if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
-                                            is_waitconnect, errp) < 0) {
-@@ -1400,6 +1472,9 @@ static void qemu_chr_parse_socket(QemuOp
-     const char *host = qemu_opt_get(opts, "host");
-     const char *port = qemu_opt_get(opts, "port");
-     const char *fd = qemu_opt_get(opts, "fd");
-+#ifndef _WIN32
-+    const char *cmd = qemu_opt_get(opts, "cmd");
-+#endif
- #ifdef CONFIG_LINUX
-     bool tight = qemu_opt_get_bool(opts, "tight", true);
-     bool abstract = qemu_opt_get_bool(opts, "abstract", false);
-@@ -1407,6 +1482,20 @@ static void qemu_chr_parse_socket(QemuOp
-     SocketAddressLegacy *addr;
-     ChardevSocket *sock;
- 
-+#ifndef _WIN32
-+    if (cmd) {
-+        /*
-+         * Here we have to ensure that no options are set which are incompatible with
-+         * spawning a command, otherwise unmodified code that doesn't know about
-+         * command spawning (like socket_reconnect_timeout()) might get called.
-+         */
-+        if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
-+            error_setg(errp, "chardev: socket: cmd does not support any additional options");
-+            return;
-+        }
-+    } else
-+#endif
-+
-     if ((!!path + !!fd + !!host) != 1) {
-         error_setg(errp,
-                    "Exactly one of 'path', 'fd' or 'host' required");
-@@ -1448,13 +1537,24 @@ static void qemu_chr_parse_socket(QemuOp
-     sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds"));
-     sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
-     sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
-+#ifndef _WIN32
-+    sock->cmd = g_strdup(cmd);
-+#endif
- 
-     addr = g_new0(SocketAddressLegacy, 1);
-+#ifndef _WIN32
-+    if (path || cmd) {
-+#else
-     if (path) {
-+#endif
-         UnixSocketAddress *q_unix;
-         addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX;
-         q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
-+#ifndef _WIN32
-+        q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path);
-+#else
-         q_unix->path = g_strdup(path);
-+#endif
- #ifdef CONFIG_LINUX
-         q_unix->has_tight = true;
-         q_unix->tight = tight;
-Index: qemu-5.2.0/chardev/char.c
-===================================================================
--- qemu-5.2.0.orig/chardev/char.c
-+++ qemu-5.2.0/chardev/char.c
-@@ -839,6 +839,9 @@ QemuOptsList qemu_chardev_opts = {
-             .name = "path",
-             .type = QEMU_OPT_STRING,
-         },{
-+            .name = "cmd",
-+            .type = QEMU_OPT_STRING,
-+        },{
-             .name = "host",
-             .type = QEMU_OPT_STRING,
-         },{
-Index: qemu-5.2.0/qapi/char.json
-===================================================================
--- qemu-5.2.0.orig/qapi/char.json
-+++ qemu-5.2.0/qapi/char.json
-@@ -250,6 +250,10 @@
- #
- # @addr: socket address to listen on (server=true)
- #        or connect to (server=false)
-+# @cmd: command to run via "sh -c" with stdin as one end of
-+#       a AF_UNIX SOCK_DSTREAM socket pair. The other end
-+#       is used by the chardev. Either an addr or a cmd can
-+#       be specified, but not both.
- # @tls-creds: the ID of the TLS credentials object (since 2.6)
- # @tls-authz: the ID of the QAuthZ authorization object against which
- #             the client's x509 distinguished name will be validated. This
-@@ -276,6 +280,7 @@
- ##
- { 'struct': 'ChardevSocket',
-   'data': { 'addr': 'SocketAddressLegacy',
-+            '*cmd': 'str',
-             '*tls-creds': 'str',
-             '*tls-authz'  : 'str',
-             '*server': 'bool',
diff --git a/meta/recipes-devtools/qemu/qemu/mmap2.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch
index 1652131757..5d1d7c6881 100644
--- a/meta/recipes-devtools/qemu/qemu/mmap2.patch
+++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch
@@ -1,3 +1,9 @@
+From 375cae3dd6151ef33cae8f243f6a2c2da6c0c356 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Fri, 8 Jan 2021 17:27:06 +0000
+Subject: [PATCH 06/12] qemu: Add some user space mmap tweaks to address musl
+ 32 bit
 When using qemu-i386 to build qemux86 webkitgtk on musl, it sits in an
 infinite loop of mremap calls of ever decreasing/increasing addresses.
@@ -13,27 +19,30 @@ rather than ENOMEM so adjust the other part of the test to this.
 Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01355.html]
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
-Index: qemu-5.2.0/linux-user/mmap.c
+---
+ linux-user/mmap.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+Index: qemu-8.0.0/linux-user/mmap.c
 ===================================================================
--- qemu-5.2.0.orig/linux-user/mmap.c
+--- qemu-8.0.0.orig/linux-user/mmap.c
-+++ qemu-5.2.0/linux-user/mmap.c
+++ qemu-8.0.0/linux-user/mmap.c
-@@ -722,12 +722,14 @@ abi_long target_mremap(abi_ulong old_add
+@@ -776,12 +776,16 @@ abi_long target_mremap(abi_ulong old_add
     int prot;
     void *host_addr;
 
-    if (!guest_range_valid(old_addr, old_size) ||
+-    if (!guest_range_valid_untagged(old_addr, old_size) ||
 -        ((flags & MREMAP_FIXED) &&
-         !guest_range_valid(new_addr, new_size)) ||
+    if (!guest_range_valid_untagged(old_addr, old_size)) {
-        ((flags & MREMAP_MAYMOVE) == 0 &&
-         !guest_range_valid(old_addr, new_size))) {
-        errno = ENOMEM;
-+    if (!guest_range_valid(old_addr, old_size)) {
 +        errno = EFAULT;
 +        return -1;
 +    }
-+
+    
-+    if (((flags & MREMAP_FIXED) && !guest_range_valid(new_addr, new_size)) ||
+    if (((flags & MREMAP_FIXED) &&
-+        ((flags & MREMAP_MAYMOVE) == 0 && !guest_range_valid(old_addr, new_size))) {
+          !guest_range_valid_untagged(new_addr, new_size)) ||
+         ((flags & MREMAP_MAYMOVE) == 0 &&
+          !guest_range_valid_untagged(old_addr, new_size))) {
+-        errno = ENOMEM;
 +        errno = EINVAL;
         return -1;
     }
diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch b/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch
new file mode 100644
index 0000000000..d3f965e070
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch
@@ -0,0 +1,31 @@
+From 50bab5c2605b609ea7ea154f57a9be96d656725a Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Mon, 1 Mar 2021 13:00:47 +0000
+Subject: [PATCH 07/12] qemu: Determinism fixes
+When sources are included within debug information, a couple of areas of the
+qemu build are not reproducible due to either full buildpaths or timestamps.
+Replace the full paths with relative ones. I couldn't figure out how to get
+meson to pass relative paths but we can fix that in the script.
+Upstream-Status: Pending [some version of all/part of this may be accepted]
+RP 2021/3/1
+---
+ scripts/decodetree.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: qemu-8.0.0/scripts/decodetree.py
+===================================================================
+--- qemu-8.0.0.orig/scripts/decodetree.py
+++ qemu-8.0.0/scripts/decodetree.py
+@@ -1328,7 +1328,7 @@ def main():
+     toppat = ExcMultiPattern(0)
+ 
+     for filename in args:
+-        input_file = filename
+        input_file = os.path.relpath(filename)
+         f = open(filename, 'rt', encoding='utf-8')
+         parse_file(f, toppat)
+         f.close()
diff --git a/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch
new file mode 100644
index 0000000000..a84364ccc1
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch
@@ -0,0 +1,41 @@
+From 2bf9388b801d4389e2d57e95a7897bfc1c42786e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 14 Jan 2021 06:33:04 +0000
+Subject: [PATCH 08/12] tests/meson.build: use relative path to refer to files
+Fix error like:
+Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long
+when build path is too long, use meson.source_root() will make this
+filename too long. Fixed by using relative path to refer to files
+Upstream-Status: Submitted [send to qemu-devel]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ tests/unit/meson.build | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+Index: qemu-8.0.0/tests/unit/meson.build
+===================================================================
+--- qemu-8.0.0.orig/tests/unit/meson.build
+++ qemu-8.0.0/tests/unit/meson.build
+@@ -46,7 +46,7 @@ tests = {
+   'test-keyval': [testqapi],
+   'test-logging': [],
+   'test-uuid': [],
+-  'ptimer-test': ['ptimer-test-stubs.c', meson.project_source_root() / 'hw/core/ptimer.c'],
+  'ptimer-test': ['ptimer-test-stubs.c', '../../hw/core/ptimer.c'],
+   'test-qapi-util': [],
+   'test-interval-tree': [],
+   'test-xs-node': [qom],
+@@ -136,7 +136,7 @@ if have_system
+     'test-util-sockets': ['socket-helpers.c'],
+     'test-base64': [],
+     'test-bufferiszero': [],
+-    'test-smp-parse': [qom, meson.project_source_root() / 'hw/core/machine-smp.c'],
+    'test-smp-parse': [qom, '../../hw/core/machine-smp.c'],
+     'test-vmstate': [migration, io],
+     'test-yank': ['socket-helpers.c', qom, io, chardev]
+   }
diff --git a/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch
new file mode 100644
index 0000000000..4de6cc2445
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch
@@ -0,0 +1,46 @@
+From ebf4bb2f51da83af0c61480414cfa156f7308b34 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 21 Mar 2022 10:09:38 -0700
+Subject: [PATCH 09/12] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux
+ systems
+linux only wires MAP_SYNC and MAP_SHARED_VALIDATE for architectures
+which include asm-generic/mman.h and mips/powerpc are not including this
+file in linux/mman.h, therefore these should be defined for such
+architectures on Linux as well. This fixes build on mips/musl/linux
+Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05298.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Cc: Zhang Yi <yi.z.zhang@linux.intel.com>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+---
+ util/mmap-alloc.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+Index: qemu-8.0.0/util/mmap-alloc.c
+===================================================================
+--- qemu-8.0.0.orig/util/mmap-alloc.c
+++ qemu-8.0.0/util/mmap-alloc.c
+@@ -10,14 +10,18 @@
+  * later.  See the COPYING file in the top-level directory.
+  */
+ 
+#include "qemu/osdep.h"
+ #ifdef CONFIG_LINUX
+ #include <linux/mman.h>
+-#else  /* !CONFIG_LINUX */
+#endif  /* CONFIG_LINUX */
+
+#ifndef MAP_SYNC
+ #define MAP_SYNC              0x0
+#endif /* MAP_SYNC */
+#ifndef MAP_SHARED_VALIDATE
+ #define MAP_SHARED_VALIDATE   0x0
+-#endif /* CONFIG_LINUX */
+#endif /* MAP_SHARED_VALIDATE */
+ 
+-#include "qemu/osdep.h"
+ #include "qemu/mmap-alloc.h"
+ #include "qemu/host-utils.h"
+ #include "qemu/cutils.h"
diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
deleted file mode 100644
index c5d206b91b..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001
-From: He Zhe <zhe.he@windriver.com>
-Date: Wed, 28 Aug 2019 19:56:28 +0800
-Subject: [PATCH] configure: Add pkg-config handling for libgcrypt
-libgcrypt may also be controlled by pkg-config, this patch adds pkg-config
-handling for libgcrypt.
-Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html]
-Signed-off-by: He Zhe <zhe.he@windriver.com>
---
- configure | 48 ++++++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 40 insertions(+), 8 deletions(-)
-Index: qemu-5.2.0/configure
-===================================================================
--- qemu-5.2.0.orig/configure
-+++ qemu-5.2.0/configure
-@@ -2956,6 +2956,30 @@ has_libgcrypt() {
-     return 0
- }
- 
-+has_libgcrypt_pkgconfig() {
-+    if ! has $pkg_config ; then
-+        return 1
-+    fi
-+
-+    if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then
-+        return 1
-+    fi
-+
-+    if test -n "$cross_prefix" ; then
-+        host=$($pkg_config --variable=host libgcrypt)
-+        if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then
-+            print_error "host($host) does not match cross_prefix($cross_prefix)"
-+            return 1
-+        fi
-+    fi
-+
-+    if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then
-+        print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)"
-+        return 1
-+    fi
-+
-+    return 0
-+}
- 
- if test "$nettle" != "no"; then
-     pass="no"
-@@ -2994,7 +3018,14 @@ fi
- 
- if test "$gcrypt" != "no"; then
-     pass="no"
-    if has_libgcrypt; then
-+    if has_libgcrypt_pkgconfig; then
-+        gcrypt_cflags=$($pkg_config --cflags libgcrypt)
-+        if test "$static" = "yes" ; then
-+            gcrypt_libs=$($pkg_config --libs --static libgcrypt)
-+        else
-+            gcrypt_libs=$($pkg_config --libs libgcrypt)
-+        fi
-+    elif has_libgcrypt; then
-         gcrypt_cflags=$(libgcrypt-config --cflags)
-         gcrypt_libs=$(libgcrypt-config --libs)
-         # Debian has removed -lgpg-error from libgcrypt-config
-@@ -3004,12 +3035,12 @@ if test "$gcrypt" != "no"; then
-         then
-             gcrypt_libs="$gcrypt_libs -lgpg-error"
-         fi
-+    fi
- 
-        # Link test to make sure the given libraries work (e.g for static).
-        write_c_skeleton
-        if compile_prog "" "$gcrypt_libs" ; then
-+    # Link test to make sure the given libraries work (e.g for static).
-+    write_c_skeleton
-+    if compile_prog "" "$gcrypt_libs" ; then
-             pass="yes"
-        fi
-     fi
-     if test "$pass" = "yes"; then
-         gcrypt="yes"
diff --git a/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch
new file mode 100644
index 0000000000..6caf35b634
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch
@@ -0,0 +1,40 @@
+CVE: CVE-2022-1050
+Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20220403095234.2210-1-yuval.shaia.ml@gmail.com/]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From dbdef95c272e8f3ec037c3db4197c66002e30995 Mon Sep 17 00:00:00 2001
+From: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Date: Sun, 3 Apr 2022 12:52:34 +0300
+Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver
+Guest driver might execute HW commands when shared buffers are not yet
+allocated.
+This could happen on purpose (malicious guest) or because of some other
+guest/host address mapping error.
+We need to protect againts such case.
+Fixes: CVE-2022-1050
+Reported-by: Raven <wxhusst@gmail.com>
+Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+Index: qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c
+===================================================================
+--- qemu-8.0.0.orig/hw/rdma/vmw/pvrdma_cmd.c
+++ qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c
+@@ -782,6 +782,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
+             goto out;
+     }
+ 
+    if (!dsr_info->dsr) {
+            /* Buggy or malicious guest driver */
+            rdma_error_report("Exec command without dsr, req or rsp buffers");
+            goto out;
+    }
+
+     if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
+                       sizeof(struct cmd_handler)) {
+         rdma_error_report("Unsupported command");
diff --git a/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch
new file mode 100644
index 0000000000..cc53b1eedd
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch
@@ -0,0 +1,282 @@
+From fa9bcabe2387bb230ef82d62827ad6f93b8a1e61 Mon Sep 17 00:00:00 2001
+From: Frederic Konrad <fkonrad@amd.com>
+Date: Wed, 17 Jan 2024 18:15:06 +0000
+Subject: [PATCH 1/2] linux-user/*: workaround for missing MAP_FIXED_NOREPLACE
+QEMU v8.1.0 recently requires MAP_FIXED_NOREPLACE flags implementation for mmap.
+This is missing from ubuntu 18.04, thus this patch catches the mmap calls which
+could use that new flag and forwards them to mmap when MAP_FIXED_NOREPLACE
+flag isn't set or emulates them by checking the returned address w.r.t the
+requested address.
+Signed-off-by: Frederic Konrad <fkonrad@amd.com>
+Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com>
+Upstream-Status: Inappropriate [OE specific]
+The upstream only supports the last two major releases of an OS.  The ones
+they have declared all have kernel 4.17 or newer.
+See:
+https://xilinx.slack.com/archives/D04G2647CTV/p1705074697942019
+https://www.qemu.org/docs/master/about/build-platforms.html
+ The project aims to support the most recent major version at all times for up
+ to five years after its initial release. Support for the previous major
+ version will be dropped 2 years after the new major version is released or
+ when the vendor itself drops support, whichever comes first.
+Signed-off-by: Mark Hatle <mark.hatle@amd.com>
+---
+ linux-user/elfload.c    |  7 +++--
+ linux-user/meson.build  |  1 +
+ linux-user/mmap-fixed.c | 63 +++++++++++++++++++++++++++++++++++++++++
+ linux-user/mmap-fixed.h | 39 +++++++++++++++++++++++++
+ linux-user/mmap.c       | 31 +++++++++++---------
+ linux-user/syscall.c    |  1 +
+ 6 files changed, 125 insertions(+), 17 deletions(-)
+ create mode 100644 linux-user/mmap-fixed.c
+ create mode 100644 linux-user/mmap-fixed.h
+Index: qemu-8.2.1/linux-user/elfload.c
+===================================================================
+--- qemu-8.2.1.orig/linux-user/elfload.c
+++ qemu-8.2.1/linux-user/elfload.c
+@@ -22,6 +22,7 @@
+ #include "qemu/error-report.h"
+ #include "target_signal.h"
+ #include "accel/tcg/debuginfo.h"
+#include "mmap-fixed.h"
+ 
+ #ifdef TARGET_ARM
+ #include "target/arm/cpu-features.h"
+@@ -2765,9 +2766,9 @@ static abi_ulong create_elf_tables(abi_u
+ static int pgb_try_mmap(uintptr_t addr, uintptr_t addr_last, bool keep)
+ {
+     size_t size = addr_last - addr + 1;
+-    void *p = mmap((void *)addr, size, PROT_NONE,
+-                   MAP_ANONYMOUS | MAP_PRIVATE |
+-                   MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0);
+    void *p = mmap_fixed_noreplace((void *)addr, size, PROT_NONE,
+                                   MAP_ANONYMOUS | MAP_PRIVATE |
+                                   MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0);
+     int ret;
+ 
+     if (p == MAP_FAILED) {
+Index: qemu-8.2.1/linux-user/meson.build
+===================================================================
+--- qemu-8.2.1.orig/linux-user/meson.build
+++ qemu-8.2.1/linux-user/meson.build
+@@ -14,6 +14,7 @@ linux_user_ss.add(files(
+   'linuxload.c',
+   'main.c',
+   'mmap.c',
+  'mmap-fixed.c',
+   'signal.c',
+   'strace.c',
+   'syscall.c',
+Index: qemu-8.2.1/linux-user/mmap-fixed.c
+===================================================================
+--- /dev/null
+++ qemu-8.2.1/linux-user/mmap-fixed.c
+@@ -0,0 +1,63 @@
+/*
+ * Workaround for MAP_FIXED_NOREPLACE
+ *
+ * Copyright (c) 2024, Advanced Micro Devices, Inc.
+ * Developed by Fred Konrad <fkonrad@amd.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <sys/mman.h>
+#include <errno.h>
+
+#ifndef MAP_FIXED_NOREPLACE
+#include "mmap-fixed.h"
+
+void *mmap_fixed_noreplace(void *addr, size_t len, int prot, int flags,
+                                  int fd, off_t offset)
+{
+    void *retaddr;
+
+    if (!(flags & MAP_FIXED_NOREPLACE)) {
+        /* General case, use the regular mmap.  */
+        return mmap(addr, len, prot, flags, fd, offset);
+    }
+
+    /* Since MAP_FIXED_NOREPLACE is not implemented, try to emulate it.  */
+    flags = flags & ~(MAP_FIXED_NOREPLACE | MAP_FIXED);
+    retaddr = mmap(addr, len, prot, flags, fd, offset);
+    if ((retaddr == addr) || (retaddr == MAP_FAILED)) {
+        /*
+         * Either the map worked and we get the good address so it can be
+         * returned, or it failed and would have failed the same with
+         * MAP_FIXED*, in which case return MAP_FAILED.
+         */
+        return retaddr;
+    } else {
+        /*
+         * Page has been mapped but not at the requested address.. unmap it and
+         * return EEXIST.
+         */
+        munmap(retaddr, len);
+        errno = EEXIST;
+        return MAP_FAILED;
+    }
+}
+
+#endif
+Index: qemu-8.2.1/linux-user/mmap-fixed.h
+===================================================================
+--- /dev/null
+++ qemu-8.2.1/linux-user/mmap-fixed.h
+@@ -0,0 +1,39 @@
+/*
+ * Workaround for MAP_FIXED_NOREPLACE
+ *
+ * Copyright (c) 2024, Advanced Micro Devices, Inc.
+ * Developed by Fred Konrad <fkonrad@amd.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef MMAP_FIXED_H
+#define MMAP_FIXED_H
+
+#ifndef MAP_FIXED_NOREPLACE
+#define MAP_FIXED_NOREPLACE 0x100000
+
+void *mmap_fixed_noreplace(void *addr, size_t len, int prot, int flags,
+                           int fd, off_t offset);
+
+#else /* MAP_FIXED_NOREPLACE */
+#define mmap_fixed_noreplace mmap
+#endif /* MAP_FIXED_NOREPLACE */
+
+#endif /* MMAP_FIXED_H */
+Index: qemu-8.2.1/linux-user/mmap.c
+===================================================================
+--- qemu-8.2.1.orig/linux-user/mmap.c
+++ qemu-8.2.1/linux-user/mmap.c
+@@ -25,6 +25,7 @@
+ #include "user-mmap.h"
+ #include "target_mman.h"
+ #include "qemu/interval-tree.h"
+#include "mmap-fixed.h"
+ 
+ #ifdef TARGET_ARM
+ #include "target/arm/cpu-features.h"
+@@ -273,7 +274,7 @@ int target_mprotect(abi_ulong start, abi
+ static int do_munmap(void *addr, size_t len)
+ {
+     if (reserved_va) {
+-        void *ptr = mmap(addr, len, PROT_NONE,
+        void *ptr =  mmap_fixed_noreplace(addr, len, PROT_NONE,
+                          MAP_FIXED | MAP_ANONYMOUS
+                          | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
+         return ptr == addr ? 0 : -1;
+@@ -319,9 +320,9 @@ static bool mmap_frag(abi_ulong real_sta
+          * outside of the fragment we need to map.  Allocate a new host
+          * page to cover, discarding whatever else may have been present.
+          */
+-        void *p = mmap(host_start, qemu_host_page_size,
+-                       target_to_host_prot(prot),
+-                       flags | MAP_ANONYMOUS, -1, 0);
+        void *p = mmap_fixed_noreplace(host_start, qemu_host_page_size,
+                                       target_to_host_prot(prot),
+                                       flags | MAP_ANONYMOUS, -1, 0);
+         if (p != host_start) {
+             if (p != MAP_FAILED) {
+                 munmap(p, qemu_host_page_size);
+@@ -420,8 +421,9 @@ abi_ulong mmap_find_vma(abi_ulong start,
+          *  - mremap() with MREMAP_FIXED flag
+          *  - shmat() with SHM_REMAP flag
+          */
+-        ptr = mmap(g2h_untagged(addr), size, PROT_NONE,
+-                   MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
+        ptr = mmap_fixed_noreplace(g2h_untagged(addr), size, PROT_NONE,
+                                   MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE,
+                                   -1, 0);
+ 
+         /* ENOMEM, if host address space has no memory */
+         if (ptr == MAP_FAILED) {
+@@ -615,16 +617,16 @@ abi_long target_mmap(abi_ulong start, ab
+          * especially important if qemu_host_page_size >
+          * qemu_real_host_page_size.
+          */
+-        p = mmap(g2h_untagged(start), host_len, host_prot,
+-                 flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
+        p = mmap_fixed_noreplace(g2h_untagged(start), host_len, host_prot,
+                                 flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
+         if (p == MAP_FAILED) {
+             goto fail;
+         }
+         /* update start so that it points to the file position at 'offset' */
+         host_start = (uintptr_t)p;
+         if (!(flags & MAP_ANONYMOUS)) {
+-            p = mmap(g2h_untagged(start), len, host_prot,
+-                     flags | MAP_FIXED, fd, host_offset);
+            p = mmap_fixed_noreplace(g2h_untagged(start), len, host_prot,
+                                     flags | MAP_FIXED, fd, host_offset);
+             if (p == MAP_FAILED) {
+                 munmap(g2h_untagged(start), host_len);
+                 goto fail;
+@@ -749,8 +751,9 @@ abi_long target_mmap(abi_ulong start, ab
+             len1 = real_last - real_start + 1;
+             want_p = g2h_untagged(real_start);
+ 
+-            p = mmap(want_p, len1, target_to_host_prot(target_prot),
+-                     flags, fd, offset1);
+            p = mmap_fixed_noreplace(want_p, len1,
+                                     target_to_host_prot(target_prot),
+                                     flags, fd, offset1);
+             if (p != want_p) {
+                 if (p != MAP_FAILED) {
+                     munmap(p, len1);
+Index: qemu-8.2.1/linux-user/syscall.c
+===================================================================
+--- qemu-8.2.1.orig/linux-user/syscall.c
+++ qemu-8.2.1/linux-user/syscall.c
+@@ -145,6 +145,7 @@
+ #include "qapi/error.h"
+ #include "fd-trans.h"
+ #include "cpu_loop-common.h"
+#include "mmap-fixed.h"
+ 
+ #ifndef CLONE_IO
+ #define CLONE_IO                0x80000000      /* Clone io context */
diff --git a/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch
new file mode 100644
index 0000000000..48034a4680
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch
@@ -0,0 +1,51 @@
+From 5c73e53997df800a742f9cd7355f3045861984bb Mon Sep 17 00:00:00 2001
+From: Frederic Konrad <fkonrad@amd.com>
+Date: Thu, 18 Jan 2024 10:43:44 +0000
+Subject: [PATCH 2/2] linux-user/*: workaround for missing MAP_SHARED_VALIDATE
+QEMU v8.1.0 recently requires MAP_SHARED_VALIDATE flags implementation for mmap.
+This is missing from the Ubuntu 18.04 compiler but looks like to be in the
+kernel source.
+Signed-off-by: Frederic Konrad <fkonrad@amd.com>
+Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com>
+Upstream-Status: Inappropriate [OE specific]
+The upstream only supports the last two major releases of an OS.  The ones
+they have declared all have kernel 4.17 or newer.
+See:
+https://xilinx.slack.com/archives/D04G2647CTV/p1705074697942019
+https://www.qemu.org/docs/master/about/build-platforms.html
+ The project aims to support the most recent major version at all times for up
+ to five years after its initial release. Support for the previous major
+ version will be dropped 2 years after the new major version is released or
+ when the vendor itself drops support, whichever comes first.
+Signed-off-by: Mark Hatle <mark.hatle@amd.com>
+---
+ linux-user/mmap-fixed.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/linux-user/mmap-fixed.h b/linux-user/mmap-fixed.h
+index ef6eef5114..ec86586c1f 100644
+--- a/linux-user/mmap-fixed.h
+++ b/linux-user/mmap-fixed.h
+@@ -26,6 +26,10 @@
+ #ifndef MMAP_FIXED_H
+ #define MMAP_FIXED_H
+ 
+#ifndef MAP_SHARED_VALIDATE
+#define MAP_SHARED_VALIDATE 0x03
+#endif
+
+ #ifndef MAP_FIXED_NOREPLACE
+ #define MAP_FIXED_NOREPLACE 0x100000
+ 
+-- 
+2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch
new file mode 100644
index 0000000000..5ad859ebe6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch
@@ -0,0 +1,60 @@
+From 4a8579ad8629b57a43daa62e46cc7af6e1078116 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Tue, 13 Feb 2024 10:20:27 -1000
+Subject: [PATCH] linux-user: Split out do_munmap
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Upstream-Status: Submitted [https://gitlab.com/rth7680/qemu/-/commit/4a8579ad8629b57a43daa62e46cc7af6e1078116]
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+---
+ linux-user/mmap.c | 23 ++++++++++++++++-------
+ 1 file changed, 16 insertions(+), 7 deletions(-)
+diff --git a/linux-user/mmap.c b/linux-user/mmap.c
+index 1bbfeb25b14..8ebcca44444 100644
+--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
+@@ -267,6 +267,21 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot)
+     return ret;
+ }
+ 
+/*
+ * Perform munmap on behalf of the target, with host parameters.
+ * If reserved_va, we must replace the memory reservation.
+ */
+static int do_munmap(void *addr, size_t len)
+{
+    if (reserved_va) {
+        void *ptr = mmap(addr, len, PROT_NONE,
+                         MAP_FIXED | MAP_ANONYMOUS
+                         | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
+        return ptr == addr ? 0 : -1;
+    }
+    return munmap(addr, len);
+}
+
+ /* map an incomplete host page */
+ static bool mmap_frag(abi_ulong real_start, abi_ulong start, abi_ulong last,
+                       int prot, int flags, int fd, off_t offset)
+@@ -854,13 +869,7 @@ static int mmap_reserve_or_unmap(abi_ulong start, abi_ulong len)
+     real_len = real_last - real_start + 1;
+     host_start = g2h_untagged(real_start);
+ 
+-    if (reserved_va) {
+-        void *ptr = mmap(host_start, real_len, PROT_NONE,
+-                         MAP_FIXED | MAP_ANONYMOUS
+-                         | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
+-        return ptr == host_start ? 0 : -1;
+-    }
+-    return munmap(host_start, real_len);
+    return do_munmap(host_start, real_len);
+ }
+ 
+ int target_munmap(abi_ulong start, abi_ulong len)
+-- 
+GitLab
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
new file mode 100644
index 0000000000..732cb6af18
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
@@ -0,0 +1,91 @@
+From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Wed, 24 Jan 2024 11:57:48 +0100
+Subject: [PATCH] ui/clipboard: mark type as not available when there is no
+ data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
+message with len=0. In qemu_clipboard_set_data(), the clipboard info
+will be updated setting data to NULL (because g_memdup(data, size)
+returns NULL when size is 0). If the client does not set the
+VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
+the 'request' callback for the clipboard peer is not initialized.
+Later, because data is NULL, qemu_clipboard_request() can be reached
+via vdagent_chr_write() and vdagent_clipboard_recv_request() and
+there, the clipboard owner's 'request' callback will be attempted to
+be called, but that is a NULL pointer.
+In particular, this can happen when using the KRDC (22.12.3) VNC
+client.
+Another scenario leading to the same issue is with two clients (say
+noVNC and KRDC):
+The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
+initializes its cbpeer.
+The KRDC client does not, but triggers a vnc_client_cut_text() (note
+it's not the _ext variant)). There, a new clipboard info with it as
+the 'owner' is created and via qemu_clipboard_set_data() is called,
+which in turn calls qemu_clipboard_update() with that info.
+In qemu_clipboard_update(), the notifier for the noVNC client will be
+called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
+noVNC client. The 'owner' in that clipboard info is the clipboard peer
+for the KRDC client, which did not initialize the 'request' function.
+That sounds correct to me, it is the owner of that clipboard info.
+Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
+the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
+passes), that clipboard info is passed to qemu_clipboard_request() and
+the original segfault still happens.
+Fix the issue by handling updates with size 0 differently. In
+particular, mark in the clipboard info that the type is not available.
+While at it, switch to g_memdup2(), because g_memdup() is deprecated.
+Cc: qemu-stable@nongnu.org
+Fixes: CVE-2023-6683
+Reported-by: Markus Frank <m.frank@proxmox.com>
+Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Tested-by: Markus Frank <m.frank@proxmox.com>
+Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com>
+CVE: CVE-2023-6683
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a]
+Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
+---
+ ui/clipboard.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+diff --git a/ui/clipboard.c b/ui/clipboard.c
+index 3d14bffaf80f..b3f6fa3c9e1f 100644
+--- a/ui/clipboard.c
+++ b/ui/clipboard.c
+@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
+     }
+ 
+     g_free(info->types[type].data);
+-    info->types[type].data = g_memdup(data, size);
+-    info->types[type].size = size;
+-    info->types[type].available = true;
+    if (size) {
+        info->types[type].data = g_memdup2(data, size);
+        info->types[type].size = size;
+        info->types[type].available = true;
+    } else {
+        info->types[type].data = NULL;
+        info->types[type].size = 0;
+        info->types[type].available = false;
+    }
+ 
+     if (update) {
+         qemu_clipboard_update(info);
diff --git a/meta/recipes-devtools/qemu/qemu/cross.patch b/meta/recipes-devtools/qemu/qemu/cross.patch
deleted file mode 100644
index 438c1ad086..0000000000
--- a/meta/recipes-devtools/qemu/qemu/cross.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-We need to be able to trigger configure's cross code but we don't want
-to set cross_prefix as it does other things we don't want. Patch things
-so we can do what we need in the target config case.
-Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Index: qemu-5.2.0/configure
-===================================================================
--- qemu-5.2.0.orig/configure
-+++ qemu-5.2.0/configure
-@@ -6973,7 +6973,6 @@ if has $sdl2_config; then
- fi
- echo "strip = [$(meson_quote $strip)]" >> $cross
- echo "windres = [$(meson_quote $windres)]" >> $cross
-if test -n "$cross_prefix"; then
-     cross_arg="--cross-file config-meson.cross"
-     echo "[host_machine]" >> $cross
-     if test "$mingw32" = "yes" ; then
-@@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then
-     else
-         echo "endian = 'little'" >> $cross
-     fi
-else
-    cross_arg="--native-file config-meson.cross"
-fi
- mv $cross config-meson.cross
- 
- rm -rf meson-private meson-info meson-logs
diff --git a/meta/recipes-devtools/qemu/qemu/determinism.patch b/meta/recipes-devtools/qemu/qemu/determinism.patch
deleted file mode 100644
index cb1c907777..0000000000
--- a/meta/recipes-devtools/qemu/qemu/determinism.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-When sources are included within debug information, a couple of areas of the 
-qemu build are not reproducible due to either full buildpaths or timestamps.
-Replace the full paths with relative ones. I couldn't figure out how to get
-meson to pass relative paths but we can fix that in the script.
-For the keymaps, omit the timestamps as they don't matter to us.
-Upstream-Status: Pending [some version of all/part of this may be accepted]
-RP 2021/3/1
-Index: qemu-5.2.0/scripts/decodetree.py
-===================================================================
--- qemu-5.2.0.orig/scripts/decodetree.py
-+++ qemu-5.2.0/scripts/decodetree.py
-@@ -1303,8 +1303,8 @@ def main():
-     toppat = ExcMultiPattern(0)
- 
-     for filename in args:
-        input_file = filename
-        f = open(filename, 'r')
-+        input_file = os.path.relpath(filename)
-+        f = open(input_file, 'r')
-         parse_file(f, toppat)
-         f.close()
- 
-Index: qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen
-===================================================================
--- qemu-5.2.0.orig/ui/keycodemapdb/tools/keymap-gen
-+++ qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen
-@@ -317,9 +317,8 @@ class LanguageGenerator(object):
-         raise NotImplementedError()
- 
-     def generate_header(self, database, args):
-        today = time.strftime("%Y-%m-%d %H:%M")
-         self._boilerplate([
-            "This file is auto-generated from keymaps.csv on %s" % today,
-+            "This file is auto-generated from keymaps.csv",
-             "Database checksum sha256(%s)" % database.mapchecksum,
-             "To re-generate, run:",
-             "  %s" % args,
diff --git a/meta/recipes-devtools/qemu/qemu/fixedmeson.patch b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch
new file mode 100644
index 0000000000..9047f66dc3
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch
@@ -0,0 +1,20 @@
+Upstream-Status: Inappropriate [workaround, would need a real fix for upstream]
+Index: qemu-8.2.0/configure
+===================================================================
+--- qemu-8.2.0.orig/configure
+++ qemu-8.2.0/configure
+@@ -955,12 +955,7 @@ fi
+ $mkvenv ensuregroup --dir "${source_path}/python/wheels" \
+      ${source_path}/pythondeps.toml meson || exit 1
+ 
+-# At this point, we expect Meson to be installed and available.
+-# We expect mkvenv or pip to have created pyvenv/bin/meson for us.
+-# We ignore PATH completely here: we want to use the venv's Meson
+-# *exclusively*.
+-
+-meson="$(cd pyvenv/bin; pwd)/meson"
+meson=`which meson`
+ 
+ # Conditionally ensure Sphinx is installed.
+ 
diff --git a/meta/recipes-devtools/qemu/qemu/mingwfix.patch b/meta/recipes-devtools/qemu/qemu/mingwfix.patch
deleted file mode 100644
index 8d76cef638..0000000000
--- a/meta/recipes-devtools/qemu/qemu/mingwfix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-OE assumes that mingw files are in a unix like file layout. The
-'flattening' done by configure in qemu for mingw32 breaks things
-for us. We are discussing with upstream but for now, hack this to
-disable it and use the unix like layout everywhere.
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01073.html]
-Index: qemu-5.2.0/configure
-===================================================================
--- qemu-5.2.0.orig/configure
-+++ qemu-5.2.0/configure
-@@ -1541,7 +1541,7 @@ libdir="${libdir:-$prefix/lib}"
- libexecdir="${libexecdir:-$prefix/libexec}"
- includedir="${includedir:-$prefix/include}"
- 
-if test "$mingw32" = "yes" ; then
-+if test "$mingw32" = "dontwantthis" ; then
-     mandir="$prefix"
-     datadir="$prefix"
-     docdir="$prefix"
diff --git a/meta/recipes-devtools/qemu/qemu/mmap.patch b/meta/recipes-devtools/qemu/qemu/mmap.patch
deleted file mode 100644
index edd9734f30..0000000000
--- a/meta/recipes-devtools/qemu/qemu/mmap.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-If mremap() is called without the MREMAP_MAYMOVE flag with a start address
-just before the end of memory (reserved_va) where new_size would exceed 
-GUEST_ADD_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags() 
-would trigger.
-Add an extra guard to the guest_range_valid() checks to prevent this and
-avoid asserting binaries when reserved_va is set.
-This meant a test case now gives the same behaviour regardless of whether
-reserved_va is set or not.
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
-Index: qemu-5.2.0/linux-user/mmap.c
-===================================================================
--- qemu-5.2.0.orig/linux-user/mmap.c
-+++ qemu-5.2.0/linux-user/mmap.c
-@@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add
- 
-     if (!guest_range_valid(old_addr, old_size) ||
-         ((flags & MREMAP_FIXED) &&
-         !guest_range_valid(new_addr, new_size))) {
-+         !guest_range_valid(new_addr, new_size)) ||
-+        ((flags & MREMAP_MAYMOVE) == 0 &&
-+         !guest_range_valid(old_addr, new_size))) {
-         errno = ENOMEM;
-         return -1;
-     }
diff --git a/meta/recipes-devtools/qemu/qemu/no-pip.patch b/meta/recipes-devtools/qemu/qemu/no-pip.patch
new file mode 100644
index 0000000000..92b2edbe9f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/no-pip.patch
@@ -0,0 +1,45 @@
+qemu: Ensure pip and the python venv aren't used for meson
+Qemu wants to use a supported python version and a specific meson version
+to "help" users and uses pip and creates a venv to do this. This is a nightmare
+for us. Our versions stay up to date and should be supported so we don't
+really need/want this wrapping. Tweak things to disable it.
+There was breakage from the wrapper shown by:
+bitbake qemu-system-native
+<add DISTRO_FEATURES:remove = "opengl" to local.conf>
+bitbake qemu-system-native -c configure
+which would crash. The issue is the change in configuration removes pieces
+from the sysroot but pyc files remainm as do pieces of pip which causes
+problems.
+Ideally we'd convince upstream to allow some way to disable the venv on
+the understanding that if/when it breaks, we keep the pieces. The patch
+as it stands is a workaround.
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Index: qemu-8.2.0/configure
+===================================================================
+--- qemu-8.2.0.orig/configure
+++ qemu-8.2.0/configure
+@@ -937,7 +937,7 @@ python="$(command -v "$python")"
+ echo "python determined to be '$python'"
+ echo "python version: $($python --version)"
+ 
+-python="$($python -B "${source_path}/python/scripts/mkvenv.py" create pyvenv)"
+python=python3
+ if test "$?" -ne 0 ; then
+     error_exit "python venv creation failed"
+ fi
+@@ -945,6 +945,7 @@ fi
+ # Suppress writing compiled files
+ python="$python -B"
+ mkvenv="$python ${source_path}/python/scripts/mkvenv.py"
+mkvenv=true
+ 
+ # Finish preparing the virtual environment using vendored .whl files
+ 
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
new file mode 100644
index 0000000000..5ebaaddeae
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
@@ -0,0 +1,75 @@
+# SPDX-License-Identifier: GPL-2.0-only
+# Initially written by: Michael Tokarev <mjt@tls.msk.ru>
+# For QEMU Debian downstream package
+set -e
+. /etc/init.d/functions
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="QEMU Guest Agent"
+NAME=qemu-ga
+DAEMON=@bindir@/$NAME
+PIDFILE=/var/run/$NAME.pid
+# config
+DAEMON_ARGS=""
+# default transport
+TRANSPORT=virtio-serial:/dev/virtio-ports/org.qemu.guest_agent.0
+NO_START=0
+test ! -r /etc/default/qemu-guest-agent || . /etc/default/qemu-guest-agent
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+#
+# Function that checks whenever system has necessary environment
+# It also splits $TRANSPORT into $method and $path
+#
+do_check_transport() {
+        method=${TRANSPORT%%:*};
+        path=${TRANSPORT#*:}
+        case "$method" in
+            virtio-serial | isa-serial)
+                if [ ! -e "$path" ]; then
+                    echo "$NAME: transport endpoint not found, not starting"
+                    return 1
+                fi
+                ;;
+        esac
+}
+case "$1" in
+  start)
+        do_check_transport || exit 0
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \
+                $DAEMON_ARGS -d -m "$method" -p "$path"
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
+        echo "$NAME."
+        ;;
+  status)
+        status "$DAEMON"
+        exit $?
+        ;;
+  restart|force-reload)
+        do_check_transport || exit 0
+        echo -n "Restarting $DESC: "
+        start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
+        sleep 1
+        start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \
+                $DAEMON_ARGS -d -m "$method" -p "$path"
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev
new file mode 100644
index 0000000000..47097057e3
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev
@@ -0,0 +1,2 @@
+SUBSYSTEM=="virtio-ports", ATTR{name}=="org.qemu.guest_agent.0", \
+  TAG+="systemd", ENV{SYSTEMD_WANTS}="qemu-guest-agent.service"